Re: Looking for some event and security log monitoring software

[Matthew Perry <mlperry () gmail com>]

I am going to jump on the bandwagon for splunk as well.  I have used the
universal forwarder on windows and linux and they are very lightweight.

- Matt

On Tue, Jul 10, 2012 at 9:38 PM, anthony kasza <anthony.kasza () gmail com>wrote:

> The time between polling is configurable.
> I too prefer agents as it takes the resource burden away from a single
> machine and provides real time log collection. Installing agents isn't
> always the best solution, however.
> I've been told that Splunk agents (known as Universal Forwarders) have
> a minimal resource footprint but I have never used one.
>
> -AK
>
> On Tue, Jul 10, 2012 at 8:04 PM, Champ Clark III <cclark () quadrantsec com>
> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > On 7/10/12 8:50 PM, anthony kasza wrote:
> > > Conceptually similar to SNMP, but not the same. You configure
> > > Splunk with a service account. Periodically, Splunk will login to
> > > those designated systems and collect WMI information. The service
> > > account needs the proper rights and privileges to read WMI on each
> > > system.
> >
> > Thank you.  I was using SNMP-trap in my example,  but that was
> > incorrect.  SNMP is a better analogy.
> >
> > That's the way I was told WMI,  which I've never used,  worked.  How
> > often does polling typically take place?  I assume that configurable?
> >
> > I typically don't like systems that have to manually "poll" for logs.
> >  Hence the reason I believe loading the agent is better.  However,
> > the downfall of that is... well... you have to load the agent...  Some
> > organizations/people don't like that idea either.
> >
> >
> > - --
> > - - Champ Clark III (cclark () quadrantsec com)
> >   Quadrant Information Security (http://quadrantsec.com)
> >   Key Fingerprint: 2E56 C2EB 1B25 C517 D5BA 2DCF 5E70 B2F8 0381 878A
> >   GPG Key ID: 0381878A
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> > Comment: GPGTools - http://gpgtools.org
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> >
> > iQEcBAEBAgAGBQJP/NEzAAoJENnmXt7Lmc3KLcYH/ihIDmKtJfbgSdlFMwRVI9j9
> > I41Kcpz1cvL817VhgY0mv4uKYNnQ4laSrRYHkAhI4bkIVRkGOV3aEez8vl/0t83R
> > z5z1Bdr0T/+VNDLAuJRM3AqlUn6BPQ/8Z7WRBKAyJ0PZZiSwcxWvWRNhRvrBRczS
> > 086j0hIoDQr/K/3yIwJnvbk+5bcgRqSfsv7B3Etaz/OKoYCcN/TRGu8+pjMeRF1g
> > D+f7x/jPpzhGTlc/JIMS1EnBIqq8YEjJ34IJuoT7vK+HSx5mJ1sGiP+aO6X23YJ6
> > Xzv7y9Dfq1dFB4ZmmUj7LVA/4wDLAbi5OQIqkpTd/2oQMjtHj2mA6zWhb8PVCz4=
> > =6QkV
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom () mail pauldotcom com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com



-- 
Matthew Perry

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com